One reason to use a tunnel is to access some service across the internet. One way to do that is via a SSH tunnel. Assume you have a mail server at home on port 110 and you are on a public wifi. You can access your mail securely in two easy steps.
The command is
ssh -N remote-ssh-account -L localport:localmachine:remoteport
which specifies that the given port (2110) on the local (client) machine is to be forwarded to the given host and port (110) on the remote side. Whenever a connection is made to port 2110, the connection is forwarded over the secure channel, and a connection is made to host hostport on the remote machine. The bind_address of "localhost" indicates that the listening port be bound for local use only.
-N tells SSH we don't want to execute a remote command. Not terribly necessary, but makes it safer.
We can open a second tunnel to send mail with the same command
ssh -N remote-ssh-account -L 2110:localhost:110 -L 2025:localhost:25
A SSH tunnel requires no additional software to be installed on either the server or the client, unlike openvpn.
|
This site best viewed with a browser |
| Warning: This is a Debian centric site and MAY contain peanuts. | |
| Many thanks to Debra Lynn and Ian Murdock for making Debian possible | |
| First created Apr 22, 2008 ~ Last revised December 31, 2011 |
